|Publication number||US4985921 A|
|Application number||US 07/333,646|
|Publication date||Jan 15, 1991|
|Filing date||Apr 5, 1989|
|Priority date||Apr 11, 1988|
|Also published as||DE58909263D1, EP0337185A2, EP0337185A3, EP0337185B1|
|Original Assignee||Spa Syspatronic Ag|
The invention consists of a portable data carrying device containing a control unit and an additional data memory, each of which is implemented as an integrated circuit. The control unit is provided with means for making connection with an external read/write unit.
Data exchange and data processing systems with a plurality of such portable data carrying devices are well known. The data carrying devices are interconnected as needed for individual uses with a read/write unit in order to communicate with the system. The data carrying devices of the referenced type, which are equipped with a control unit in addition to a sufficient memory capacity, make possible not only an interactive data and signal exchange with the system, but also decentralized data processing and storage in the individual "intelligent" data carrying devices. Such data carrying devices result in extremely versatile and highly developed application possibilities. Such data carrying devices are typically put to use in card form (in credit card format with embedded integrated circuit architecture, so-called "chip cards"). Accordingly, although the data carriers are predominantly referred to hereinafter as "cards", other embodiments should nonetheless not be excluded.
In practically all applications of such data exchange systems one of the most important prerequisites is the security against manipulation and misuse or unauthorized access to the stored and transmitted information, indeed with the "fixed" system components as well as the transportable data carriers. High security requirements exist for the latter in particular on account of their wide distribution (possibility of loss or theft), but also--with "built-in intelligence"--on account of the voluminous stored data therein as well as the stored electronic encoding, as these are necessary for the protected data communication with read/write units (identification and authentication functions).
Accordingly, an object of the foregoing invention is the protection of a portable data carrier of the foregoing type against access to, and decoding or interpretation of, the relevant safeguarded data and information stored therein by unauthorized third parties. This object is achieved according to the present invention in that, in the referenced data carrying device, entry to the additional data memory by the control unit is protected. The protected entry can be accomplished--as described further below--in various manners through integrated cryptographic circuit means or methods. In this manner improper access to the individual data carrying devices is effectively prevented.
Specially adapted variations of the invention are disclosed. It is to be particularly noted that the invention is employed independently of whether the integrated circuitry of a data carrying device ("card") is split between two or more components connected by conductors or is combined on a single carrier (so-called multi-chip or single-chip configurations). The invention therefore makes possible the extension of the memory capacity by additional chips as well as the application of complex chips with the preservation of the "internal" security of the data carrying device.
Further features of the invention can be derived from the various embodiments in the following description in combination with the drawings.
FIG. 1 illustrates a portable data carrying device in accordance with the present invention with a control unit and a data memory requiring an access code.
FIG. 2 illustrates another embodiment of the portable data carrying device with separate microprocessors for encryption of data exchanges.
FIG. 3 illustrates another embodiment of the portable data carrying device which utilizes a secret microcode to secure data exchange.
FIG. 4 illustrates still a further embodiment of the portable data carrying device utilizing a microcode within a single chip to secure data exchange.
FIGS. 1-4 are schematic illustrations of the data carrying cards, in particular plastic cards with embedded integrated semi-conductor circuits ("chips"), wherein the latter are illustrated greatly enlarged and simplified in relation to the card format with the circuitry or, correspondingly, functional areas arranged thereon. It should be understood that the layout of these circuits--extent and design of the individual regions--can be varied according to each application.
In FIG. 1 a plastic card 1 is illustrated as a data carrying device in which two integrated semi-conductor circuit components ("chips") 2 and 4 are set. The component 2 comprises the control unit of the data carrying device and is connected to an external contact 9 of the card 1 for the purpose of connecting to an external (not illustrated) read/write unit of the data exchange system. The connections for the external unit can also be produced in other manners than the galvanized contact, for example, by known means with an inductive coupling and so forth. The control unit 2 preferably comprises a microprocessor with a computer and RAM and ROM storage areas as well as additionally a data memory region. An additional data memory 5 exists on the second component 4. The connection between the two components 2 and 4 is produced by means of a multiple conductor strip 3. For technical assembly reasons, it may be useful to combine the components 2 and 4 with the conductor strip 3 and if necessary the external contact 9 into a common module for the construction in the plastic card 1.
An external connection to the control unit 2 can only be made by means of the contact 9 so that an exchange of sensitive data between the card and the system in a known fashion can only come about after successful authentication and identification, which functions are participated in by the control unit. The data exchange is, however, also produced within the card between the components 2 and 4 by means of the conductor strip 3. In order to prevent manipulation and unauthorized access to the data memory 5, entry to this memory is protected by the control unit 2. For example according to FIG. 1, an access code region 6 is associated with the data memory 5 for this purpose. In this manner the memory is accessible only by means of a code signal C which is produced by the control unit 2, that is, data exchange D between the components 2 and 4 is only possible after successful decoding of the code region 6. Also, the data exchange within the component 2 between the control unit and a data memory existing there is produced in a similarly protected manner, although not further illustrated. Such protected data exchange processes are produced within the data carrying device 1 with a certain degree of self-sufficiency without participation of external system parts (naturally apart from the current supplied over the contacts 9). The access in particular to the sensitive data in the data memory 5 is thereby protected by means of a barrier which can only be overcome by means of key codes (key lock) employed within the card. The security can be substantially enhanced in that new access codes can always be generated in the microprocessor of the control unit 2, for example after each successful access to the additional data memory.
The implementation of the additional memory 5 is possible as a serial memory with comparative logic and with a minimum number of connecting conductors 3 between the components 2 and 4.
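A behavioural model of the FIG. 1 access-code lock with a fresh code after every successful access, given here as an added example that is not part of the patent text. The class names, the 8-byte code width, random code generation and delivery of the next code inside the same unlocked exchange are all assumptions; the patent fixes none of them.

```python
import hmac
import secrets

CODE_LEN = 8  # assumed code width; the patent does not specify one


class ProtectedMemory:
    """Model of component 4: data memory 5 behind access code region 6."""

    def __init__(self, initial_code, size=64):
        self._code = initial_code      # contents of access code region 6
        self._cells = bytearray(size)  # data memory 5
        self._unlocked = False
        self.failed_attempts = 0

    def present_code(self, code):
        """Comparison logic: unlock only if code signal C matches region 6."""
        self._unlocked = hmac.compare_digest(code, self._code)
        if not self._unlocked:
            self.failed_attempts += 1
        return self._unlocked

    def exchange(self, addr, new_code, write=None):
        """Data exchange D: one read or write, then store new code and relock."""
        if not self._unlocked:
            raise PermissionError("memory locked: code region 6 not satisfied")
        if write is not None:
            self._cells[addr] = write
        value = self._cells[addr]
        self._code, self._unlocked = new_code, False
        return value


class ControlUnit:
    """Model of component 2: issues code signal C and rotates it per access."""

    def __init__(self, memory, code):
        self._memory, self._code = memory, code

    def access(self, addr, write=None):
        if not self._memory.present_code(self._code):
            raise PermissionError("access code rejected")
        next_code = secrets.token_bytes(CODE_LEN)  # fresh code for next access
        value = self._memory.exchange(addr, next_code, write)
        self._code = next_code
        return value


def demo():
    code0 = secrets.token_bytes(CODE_LEN)  # constructed provisioning value
    mem = ProtectedMemory(code0)
    unit = ControlUnit(mem, code0)
    unit.access(3, write=0x5A)
    stale_ok = mem.present_code(code0)  # stale code presented again
    return unit.access(3), stale_ok, mem.failed_attempts
```

In this model the next code crosses the conductor strip 3 in the clear, so rotation only invalidates codes that have already been used; protecting the code in transit is what the encrypted exchange of the FIG. 2 embodiment provides.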
In the embodiment according to FIG. 2, the general construction of the data carrying card 1 with the integrated circuit components 2a, 4a interconnected by means of the conductor strip 3 is the same as in FIG. 1. The control unit 2a connected with the external contacts 9 similarly comprises a microprocessor and a data memory region. On the other hand, the component 4a contains, besides the additional memory 5, likewise a microprocessor 8, whereby still further possibilities with respect to applications and security are achieved. With the help of the microprocessor 8 it is possible not only to secure entry to the data memory 5 from the control unit 2 as in FIG. 1, and with it the unauthorized reading of data from the memory 5, but also beyond this to secure the entire data exchange over the conductors 3, that is, to accomplish this in coded or decoded form. However, the double-pass entry system is only possible after a successful cryptographic authentication from the opposite pass, which again is only produced "within the card", that is, without participation of external system parts.
The general construction in the example according to FIG. 3 with a control unit 2b and an additional data memory 4b in the form of separate integrated circuits corresponds again to the foregoing examples. A protected entry to the additional data memory 5 is realized in this embodiment again in another manner, namely in that the microcode of the control unit 2b, designated 10, is secret. Of course, a well known microprocessor can be employed in the control unit 2b and this microprocessor can be based upon an "uncommon" microcode 10 only known to the manufacturer and therefore secret. In this manner an unauthorized access to the data stored in the data carrier or correspondingly a decoding of the information exchanged over the conductors 3 is rendered impossible, even if there was success in getting through the multiple conductor strip 3.
In contrast to the above described embodiments, the data carrying device or correspondingly the plastic card 1 according to FIG. 4 contains one individual semi-conductor component 12, on which the control unit 2c, the additional data memory 5 as well as further circuit regions are in total implemented in an integrated circuit configuration. In a manner similar to the example according to FIG. 3, the microcode 10a in the microprocessor of the control unit 2c is secret so that entry to the additional data memory 5 is again protected ("mechanical" access on the conductors between the regions of the integrated circuit on one and the same carrier would naturally however be considerably more difficult than on the conductors 3 which are laid within the plastic card 1 or correspondingly within a module which consists of the two separate components 2 and 4).
With the computer in the microprocessor of the control unit 2c there exists further an additional computer 14 in combination with registers 15 which are likewise positioned on the carrier 12. As indicated the registers 15 are likewise coordinated with the secret microcodes 10a of the control unit 2c, that is, the signal exchange between the control unit 2c and the additional computer 14 is produced likewise on the basis of the secret codes. One such additional calculator 14 makes possible the execution of especially highly developed cryptographic methods within the portable data carrying device, that is, without requiring external calculating capacity and thereby particular data exchanges with external system parts. This means that the application of the secret microcodes 10a remains restricted to the integrated circuits of the single carrier 12 in the data carrying device whereby high level security against manipulation and unauthorized access is achieved.
|U.S. Classification||713/193, 235/380, 705/65, 713/159, 713/172|
|Cooperative Classification||G06Q20/341, G06Q20/367, G07F7/1008, G06Q20/40975, G06Q20/357|
|European Classification||G06Q20/40975, G06Q20/357, G06Q20/341, G06Q20/367, G07F7/10D|
|Apr 5, 1989||AS||Assignment|
Owner name: SPA SYSPATRONIC AG, A CORP. OF SWITZERLAND, SWITZE
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNOR:SCHWARTZ, HERMANN;REEL/FRAME:005081/0362
Effective date: 19890330
|Jul 20, 1994||FPAY||Fee payment|
Year of fee payment: 4
|Jul 20, 1994||SULP||Surcharge for late payment|
|Jul 14, 1998||FPAY||Fee payment|
Year of fee payment: 8
|Jul 15, 2002||FPAY||Fee payment|
Year of fee payment: 12
|Oct 28, 2008||B1||Reexamination certificate first reexamination|
Free format text: CLAIM 1 IS CANCELLED. NEW CLAIMS 8-13 ARE ADDED AND DETERMINED TO BE PATENTABLE. CLAIMS 2-7 WERE NOT REEXAMINED.
|Oct 20, 2009||RR||Request for reexamination filed|
Effective date: 20060228
|Nov 27, 2012||B2||Reexamination certificate second reexamination|
Free format text: THE PATENTABILITY OF CLAIMS 2-13 IS CONFIRMED.CLAIM 1 WAS PREVIOUSLY CANCELLED.